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DETAILED ACTION 

EXAMINER'S AMENDMENT 

1. An extension of time under 37 CFR 1.136(a) is required in order to make 
an examiner's amendment which places this application in condition for allowance. 
During a telephone conversation conducted on Mr. Nicholas Pandiscio on 2-16-06, the 
examiner requested an extension of time for TWO MONTHS (small entity) and 
authorized the Director to charge Deposit Account No. 16-0221 the required fee for 
extension of time and authorized the following examiner's amendment. Should the 
changes and/or additions be unacceptable to applicant, an amendment may be filed as 
provided by 37 CFR 1 .312. To ensure consideration of such an amendment, it MUST 
be submitted no later than the payment of the issue fee. 

The application has been amended as follows: 

a) In claim 4: 

on line 8 after "encrypted" insert -time-limited--; 

on line 1 1 after "encrypted" insert -time-limited--; 

on line 13 after "encrypted" insert -time-limited--; 

on line 20 after "time limit" insert -required for validating the proposed 

transaction--; 
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on lines 21- 23 delete "depending on the determination made in the 
foregoing step, the authorizing party communicates to said third party vendor either a 
validation or rejection of the proposed transaction." and insert in place thereof: 
- depending on the determinations made in the forgoing step, said authorizing party 
(a) rejects said proposed transaction if said user is not verified to be an authorized user 
or if the difference between said times is not within said predetermined time limit and (b) 
approves said proposed transaction if said user is verified as an authorized user and the 
difference between said times is within said predetermined time limit. — 

b) In claim 11: 

on line 17 delete "(d)" and insert in place thereof -(e)--. 

c) In claim 29: 

on line 8: delete "an encrypted ePIN comprising" and insert in place 
thereof -a time-limited personal identification number (an "ePIN") by encrypting-; 

on line 19: insert after "card" the following: -information--; 

on line 27 delete "either a validation or"; 

on line 28 delete "rejection of the proposed transaction"; 
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on line 30 (last line) insert after "if any" the following: 
, either (1) a validation of the proposed transaction if the user is verified to be an 
authorized credit card user and the proposed transaction is within said predetermined 
time limit or (2) a rejection of the proposed transaction if the user is not verified to be an 
authorized credit card user or the proposed transaction is not within said predetermined 
time limit-. 



Allowable Subject Matter 

2. Claims 4, 1 1-13, 16, 20, 22-34 are allowed. 



3. The following is an examiner's statement of reasons for allowance: 



The present invention includes independent claims 4,11, 20, 23, 27, 29. Claim 
4 recites a method of conducting electronic credit card transactions so as to guard 
against fraud, claim 11 recites a method of authorizing an electronic business 
transaction by an authorized user, claim 20 recites a method of limiting the amount of 
time information pertaining to a credit card issued by a credit card issuer is valid for use 
in support of an electronic transaction with a vendor, claim 23 recites a method for 
conducting credit card transactions so as to guard against fraud, claim 27 recites a 
method for conducting electronic transactions so as to guard against fraud, claim 29 
recites a method for conducting credit card transactions so as to guard against fraud. 
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Nissl et al is considered the closest prior art. Nissl et al discloses a method of 
limiting the amount of time information is valid in suppod of an electronic transmission. 
A date/time staYp representing the current time is encrypted and transmitted along with 
encrypted digital data. A validating entity decrypts the encrypted stamp to determine the 
age of the digital data as represented by the time of the decrypted stamp is within a 
predetermined time limit for validation of transmission (col 7, lines 60-67: col 8, lines 1- 
20). 

Nissl et al does not disclose the combination including: 
In claim 4: 

using a computer program mandated by a credit card issuer a user of a 
credit card issued by the a credit card issuer (a) initiates a proposed credit card 
transaction with a third party vendor by accessing via said third party vendor a party 
authorized by said credit card issuer to validate credit card transactions, and (b) 
transmits to said authorized party non-encrypted information concerning the user and 
an encrypted time-limited personal identification number that comprises in encrypted 
form a date/time stamp and certain information identifying said user 

said authorized party receives said encrypted time-limited personal 
identification number and said non- encrypted ether information and decrypts said 
encrypted time-limited personal identification number to derive said date/time stamp and 
said certain information identifying said user said authorized party (1) compares said 
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non- encrypted and decrypted information with previously recorded user information to 
verify that the user initiating the proposed transaction is an authorized user and (2) also 
compares the current transaction time represented by said decrypted date/time stamp 
with the time of its receipt of said encrypted date/time stamp and determines if the 
difference, if any, between said times is within a predetermined time limit required for 
validating the proposed transaction; and 

depending on the determinations made in the forgoing step, said authorizing 
party (a) rejects said proposed transaction if said user is not verified to be an authorized 
user or if the difference between said times is not within said predetermined time limit 
and (b) approves said proposed transaction if said user is verified as an authorized user 
and the difference between said times is within said predetermined time limit. 

In claim 11: 

(a) storing information about authorized users in a validating system;, 

(b) receiving in the validating system for verification an encrypted 
time-limited personal identification number which is transmitted in 
connection with a proposed electronic business transaction at the request of 
a person who may or may not be an authorized user, said encrypted 
personal identification number comprising an encrypted date/time 

stamp, and certain encrypted identifying information; 

(c) decrypting said received encrypted personal identification 
number to retrieve said date/time stamp and said certain encrypted 
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user- identifying information, 

(d) comparing said decrypted certain user-identifying information 
with the authorized user information stored in 

said validating system to verify that said decrypted certain user-identifying 

information is valid, and rejecting the proposed 

transaction if said decrypted certain user-identifying information is said 

(e) if said decrypted certain user-identifying information is verified as valid, 
(1 )determining from said decrypted time stamp if the age of the proposed 
transaction is within a predetermined time limit required for validating the 
transaction, and (2) rejecting the proposed transaction if the age of the 
proposed transaction is not within said predetermined time limit. 



In claim 20: 

A. a credit card user records credit card information required by 
the vendor, including credit card number, credit card 

expiration date, and the name of the credit card user; 

B. said user uses a computer program provided by the credit card 
issuer or a party acting on behalf of said credit card issuer to provide 

a date/time stamp representing the current date and time and to generate an 

encrypted personal identification number that comprises 

said date/time stamp and at least some of said recorded credit card 

information; 
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C. said encrypted personal identification number is transmitted from said 
credit card user via said vendor to a party authorized by the credit card issuer 

to validate proposed credit card transactions; 

D. said party authorized by said credit card issuer to validate 
proposed credit card transactions conducts a validation process that 
comprises: (1) decrypting said encrypted personal identification number to 
retrieve said date/time stamp and said at least some recorded 

credit card information, (2) determining from said decrypted date/time stamp if 
the age of the proposed transaction as is within a predetermined time limit required for 
validating the transaction, (3) comparing said decrypted credit card information with 
previously recorded credit card user information to verify that the party initiating the 
proposed credit card transaction is an authorized credit card user, and (4) depending on 
the determinations made in foregoing steps (D)(2) and (D)(3), communicating either a 
validation or rejection of the proposed transaction to the third party vendor and/or the 
party who initiated the proposed credit card transaction. 

In claim 23: 

(a) a credit card user who proposes to carry out a credit card 
transaction with a third party vendor initiates the transaction by accessing a 
computer program supplied by the credit card issuer or a party acting on 
behalf of said credit card issuer that is constructed so as to (1 ) obtain a 
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date/time stamp from a time source and (2) generate a time-limited personal 
identification number for the credit card user by encrypting said 
date/time stamp and certain required credit card information identifying the a 
credit card user; 

(b) said credit card user supplies said certain required credit card 
information to said computer program and said computer program (a) obtains 
a date/time stamp and (b) generates a personal identification number code 

comprising 

said date/time stamp and said certain required credit card information in 
encrypted form; 

(c) said personal identification number comprising 

said date/time stamp and said certain require credit card information in 
encrypted form is transmitted via said third party vendor to a validating 
system authorized to validate credit card transactions on behalf of said credit 
card issuer; 

(d) said validating system decrypts said personal 
identification code to derive the ' time as represented by 

said the decrypted date/time stamp and also said certain required credit card 
information ; 

(e) said validating system (1) compares said decrypted certain 
required credit card information with previously recorded user information to 
verify that the user initiating the proposed transaction is an authorized credit 
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card user and (2) also compares the current transaction time represented by 
said decrypted date/time stamp with the time of its receipt and determines if 
the difference, if any, between said times is within a predetermined time limit', 
and 

(f) depending on the determinations made in foregoing steps 
(e)(1) and (e)(2), the validating system communicates either a validation or 
rejection of the proposed transaction to the third party vendor and/or the 
party who initiated the proposed credit card transaction. 

In claim 27: 

(a) an entity who wishes to carry out an electronic transaction with 

a bank initiates the transaction by accessing a computer program supplied by 
said bank that is constructed so as to (1 ) obtain a date/time 
stamp in response to certain required information about the entity proposing 
to carry out the electronic transaction, and (2) generate a time-limited 
personal identification number (an "ePIN" ) by encrypting said date/time 
stamp and said certain required information, said certain required information 
including at least an account number and q( a private personal identification 
number representing said entity; 

(b) said entity supplies said certain required information to said 
computer program and in response said computer program 
obtains a date/time stamp from a time source and generates 
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an ePIN comprising said date/time stamp and said supplied certain 
information; 

(c) said ePIN is transmitted to and received by said bank or a 
validating party representing said bank; 

(d) said receiving bank or validating party decrypts said received 
ePIN to derive said date/time stamp and said supplied certain required 

information 1 , 

(e) said receiving bank or validating party (1) compares said 
decrypted certain required information with previously recorded information in 
the possession of said bank or validating party to verify that the entity 
initiating the proposed transaction is an authorized entity and (2) also 
determines from said decrypted time stamp if the 

proposed transaction meets a predetermined time limit, and 

(f) depending on the determination made in steps (e)(1) and 
(e)(2), said bank or validating party communicates either a validation or 
rejection of the proposed transaction to the entity who initiated the proposed 
credit card transaction. 

In claim 29: 

(a) a credit card user who proposes to carry out a credit card 
transaction with a credit card issuer or a third party vendor initiates the 
transaction by accessing a computer program supplied by the credit card 



Application/Control Number: 09/718,179 Page 12 

Art Unit: 1762 

issuer or a party acting on behalf of said credit card issuer that is constructed 
so as to (1 ) obtain a date/time stamp from a time source and (2) generate a time- 
limited personal identification number (an "ePIN) by encrypting said date/time stamp 
and certain required credit 

card information identifying a credit card user; 

(b) said credit card user causes said computer program to 
generate an ePIN characterized by and comprising in encrypted form (1) 
credit card information provided by said user and (2) a date/time stamp 
obtained by said computer program in response to accessing of said 
computer program by said credit card user; 

(c) said ePIN is transmitted directly or via a third party vendor to a 
validating system authorized to validate credit card transactions on behalf of 
said credit card issuer 1 , 

(d) said validating system decrypts said ePIN to derive the time 
represented by the decrypted date/time stamp and said credit card information 

provided 

by said user; 

(e) said validating system (1) compares said decrypted credit card 
information with previously recorded user information to verify that the user 
initiating the proposed transaction is an authorized credit card user and (2) 
determines from the decrypted date/time stamp whether the proposed 
transaction is within a predetermined time limit; and 
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(f) depending on the determinations made in foregoing steps 
(e)(1) and (e)(2), the validating system communicates to the credit card issuer 
and the party who initiated the proposed credit card transaction, and also to the third 
party vendor, if any, either (1 ) a validation of the proposed transaction if the user is 
verified to be an authorized credit card user and the proposed transaction is within said 
predetermined time limit or (2) a rejection of the proposed transaction if the user is not 
verified to be an authorized credit card user or the proposed transaction is not within 
said predetermined time limit. 

For these reasons claims 4, 1 1, 20, 23, 27, 29 are deemed to be allowable over 
the prior art of record, and claims 12-13, 16, 22, 24-28, 30-34. are allowable by 
dependency. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 

4. Allowable subject matter may require further review for applications in 
class 705 before a notice of allowance is mailed to applicant. The time period for review 
may vary from application to application. 
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5. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Alain L. Bashore whose telephone number is 571- 
272-6739. The examiner can normally be reached on about 7:30 am to 5:00 pm (Mon. 
thru Thurs.). 

Regarding all Class 705 applications, the management contact regarding 
examination is: Vincent Millin (SPE, art unit 3624) at 571-272-6747. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Timothy Meeks can be reached on 571-272-1423. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




Alain L. Bashore 
Primary Examiner 
Art Unit 1762 



